Fraud Detection: New Technologies and Analytics (Part II of III)
The battle against fraud is evolving and technology is providing new and important tools to detect and prevent fraud. Companies are using a variety of techniques and include: continuous monitoring; email monitoring; anomaly detection; pattern recognition and artificial intelligence.
Data mining and statistical analysis can be helpful in detecting fraud. By using sophisticated data mining tools, companies can search millions of transactions to spot patterns and detect fraudulent transactions. These tools include decision trees, machine learning, cluster analysis, association rules, and can generate predictive models to predict fraud.
Before discussing sophisticated techniques for fraud detection, let’s start with basic anti-fraud controls. These include segregation of duties for authorization, custody of assets and recording or reporting transactions. In some cases, companies should ensure that their basic controls are in place and re-engineer business procedures to minimize such risks.
Major frauds usually involve senior management, especially those who have the authority to override controls. Employee fraud schemes often involve theft by exploiting control weaknesses, such as stealing cash before it has been recorded fictitious expense reimbursement claims and/or stealing assets from the organization (e.g. computers, ipads, phones). On average, fraud schemes last 18 months before being detected.
Fraud awareness training and communications are important aspects of a fraud prevention program. Every employee should be made aware of the risks of fraud and corporate policies prohibiting such activities. Employees who may be considering engaging in theft can be deterred from such conduct when they learn about robust fraud detection and enforcement policies. Other employees who are committed to honest conduct can be essential allies in reporting suspected fraud to their supervisors. Employees, customers, vendors and related persons can become important sources of tips and information leading to exposure of fraud schemes.
Data analysis is a straight-forward strategy for detecting fraud. The objective is to analyze the entire set of data, e.g. transactional data, master vendor data and application control settings) to identify indicators of fraud. Data analysis techniques can vary from statistical analysis for transactions outside the norm, through analytic tests to identify specific circumstances indicative of fraud. Statistical analysis identifies transactions for closer examination. Another type of statistical test is to look for the presence of certain matches – e.g. employees and suppliers identities, addresses, bank accounts.
Fraudsters are adept at taking advantage of weaknesses or gaps in a company’s internal controls. A perfect example of such a weakness is when business systems do not share or cross-check information. Specific tests for matches of database fields can be an effective way to uncover potential anomalies. Some types of analytic procedures are fairly simple – looking for duplicate payments of an invoice. Data analytic tests, however, have to be carefully designed to avoid an excessive number of exceptions that may overwhelm fraud detectives.
Data analysis software is available for audit, fraud detection and control testing. They usually include pre-established analytic tests, such as classification stratification, duplicate testing, aging, match and compare. In implementing a software solution, a company has to ensure that the software logs all procedures performed and audit trails to support fraud investigations.
Data analysis can address control gaps that often exist in ERP systems. While most ERP systems have certain fraud prevention and detection capabilities, these internal tests are insufficient. In many cases, an EARP system turns off controls when running certain operations to run more efficiently. As a result, it is important to conduct independent data analysis to examine transaction details and a broad range of data. In doing so, an independent examination can include combination and comparison of data from different systems within the company.
After establishing a roster of effective data tests, companies should employ such testing on a continuous or regular basis depending on the nature of the transactions (continuous for daily payments, and periodic for regularly-scheduled payments). Continuous monitoring detection should generate a dashboard and reports. Most companies maintain fraud detection in business processes (e.g. purchase to pay, payroll, travel and entertainment) or areas that are high-risk.